ci: add OpenSSF Scorecard GitHub Action workflow #1223
Drishtipixiee wants to merge 1 commit into chaoss:main from
Signed-off-by: Drishti Mishra <drishtimishrahere@gmail.com>
95a8305 to 7dbab6f
Thanks for taking this. Before we merge this, I think it’s worth stepping back and validating whether adding OpenSSF Scorecard is something we want to adopt more broadly for GrimoireLab from a security and maintenance perspective. If we decide this is useful, ideally it should be applied consistently across all GrimoireLab repositories rather than only grimoirelab-elk, so we avoid fragmentation and uneven security signals. I think we can move the issue to the chaoss/grimoirelab repository too.

I understand your point. Enabling OpenSSF Scorecard across all GrimoireLab repositories would be more consistent and useful than introducing it in just one repository. Will be glad to follow the discussion in the chaoss/grimoirelab repository and proceed based on the broader decision there.
Fixes #1220
This PR adds the OpenSSF Scorecard GitHub Action as recommended in the official documentation. The workflow runs on pushes to main, weekly on a schedule, and can be triggered manually. Results are uploaded to the GitHub Security tab and stored as artifacts to continuously monitor the project's security posture.
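
One workflow that matches the description above, as an added example and not the file from this PR. The cron time, action version tags, file path and artifact name are assumptions; `publish_results` is set to `false` so the job needs no `id-token: write` permission.

```yaml
# .github/workflows/scorecard.yml (assumed path; added example, not the PR's file)
name: Scorecard supply-chain security

on:
  push:
    branches: ["main"]        # runs on pushes to main
  schedule:
    - cron: "30 2 * * 1"      # weekly; the exact time is an assumption
  workflow_dispatch:          # manual trigger

# Default every job to a read-only token; grant write scopes per job.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      security-events: write  # required to upload SARIF to the Security tab
    steps:
      - name: Checkout code
        uses: actions/checkout@v4        # tag is an assumption
        with:
          persist-credentials: false     # do not leave the token in .git/config

      - name: Run analysis
        uses: ossf/scorecard-action@v2.4.0   # tag is an assumption
        with:
          results_file: results.sarif
          results_format: sarif
          publish_results: false         # keep results in this repository only

      - name: Upload artifact
        uses: actions/upload-artifact@v4     # tag is an assumption
        with:
          name: scorecard-sarif          # assumed artifact name
          path: results.sarif
          retention-days: 5

      - name: Upload to code scanning
        uses: github/codeql-action/upload-sarif@v3   # tag is an assumption
        with:
          sarif_file: results.sarif
```

Scorecard's own Pinned-Dependencies check expects each `uses:` reference to be a full commit SHA rather than a tag, so the tags here would be replaced by the SHAs the maintainers have reviewed.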